Yes indeed I'm using only half the hash. This is fully sufficient to find the right certificate in the certificate store. Before this change I only used the serial number - this is something the certificate creator can set, and may be meaningless when using a self signed certificate.